PT-2021-11789 · Mb Connect Line+1 · Mbconnect24+2
Published: 2021-02-16 · Updated: 2023-02-10
CVE-2020-35557
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
MB connect line mymbCONNECT24 versions through 2.11.2
mbCONNECT24 versions through 2.11.2
Helmholz myREX24 versions through 2.11.2
myREX24.virtual versions through 2.11.2
Description:
Because access validation is used improperly, a logged-in user can see and interact with devices in the account that they should not have access to.
Recommendations:
For MB connect line mymbCONNECT24 versions through 2.11.2, update to a version later than 2.11.2 to resolve the issue.
For mbCONNECT24 versions through 2.11.2, update to a version later than 2.11.2 to resolve the issue.
For Helmholz myREX24 versions through 2.11.2, update to a version later than 2.11.2 to resolve the issue.
For myREX24.virtual versions through 2.11.2, update to a version later than 2.11.2 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive devices until a patch is available.
Fix
Improper Privilege Management
Affected Products
Mbconnect24
Myrex24
Myrex24.Virtual